You really hate the man who created that library

Listen man, your content is completely astounding, I've never been more excited over a video about ads. Keep it up!

I don't know if the guy selling the script is mad or amazed...

that guy who sells this stuff starts getting even more mad now :D

I'm in awe at both the tenacity and (perhaps) ingenuity of the popunder maker, but also of your ability to document your train of thought. Shame I can't subscribe more than once :D

Thank you so much for this. Not only are you providing quality content but you are making the Internet more secure and usable. I always feel like it's a privilege to the sites that they can use JS on *my systems*. So they should obey my rules, not the other way round. Browser exploits should be illegal, I clearly disallowed pop-ups/unders and these sites still hack my system with commercial intent.

I absolutely love your videos , I must say I understand only 40-50% of what you say , but that gives me motivation to read about stuff that I have never heard before . Keep up the good work man :)

this popunder guy is just on next level

I think we all agree JavaScript shouldn't run through PDF documents. Seems like a gaping attack vector.

I don't understand 10% of this, but I am *AMAZED* with your programming skills.

If anyone sees this, the functionality of the extension he is talking about can be accomplished with the chrome extension “Resource Override” which lets you replace a websites JavaScript with local written scripts, inject it into the head or body and modify request/response headers as well. I went through a whole reverse engineering/scraping exercise and was able to troubleshoot a great deal with this functionality. I could copy the original pages JavaScript into a new JS file, replace it at the HTTP request level with and iteratively edit my copied JS file to investigate what the obfuscated functions did as well as which were necessary and which were trying to prevent reverse engineering and comment those out. Just thought I’d mention it in case someone stumbles across on this the way I did. Stay safe all!

I had the exact same idea, and have been working on the browser logging/strace/ltrace thing ever since your last video! I've run into tons of problems but have a halfway working prototype. I'll throw it up on github when I get something semi functional.

ok, the mouseup timing idea is amazing.

"How To Open A Window In 0.5 'A' Presses" :D

I bet the only dislike from this video is by the guy that sells the popunder services LMAO

Damm those are some very clever tricks!

The guy making these scripts must be so pissed

Does it break if you click extremely quickly or hold the mouse down for an extended period of time before releasing?

"The problem of being faster than light is that you can only live in darkness" - Google Chrome

I'm blown away. I've been programming for just over a year now and I don't think I'll ever be THIS good.

by the way, the anti debugger script won't work for smarter variations, like: function(){ eval('deb' + 'ugger'); } actually, setInterval itself can evaluate string code, so: setInterval('debugger',1); I don't think this would trigger the function constructor

always glad that people like you are finding all of those popunders so that we are not giving free views and losing bandwidth to some 13 year old playing CS:GO.

I like your videos so much and they helped me a lot, Thank you,keep going! Can you have an episode for AFL fuzzer or fuzzing as general idea? that would be great as I couldn't find a good simple explanation.

Great video yet again! Hopefully you are getting kickback from Google for bug bounties!

This is super cool. Please keep making more content.

The basic idea popunder

5:24 Nice German past tense suffix.

As a web developer I'm amazed, you take the time to explain everything

Ur My New Fav Channel I always Learn More From U It Hapen To Me That I Thought That The POPup Have been Close And It Was In the Back Thx Teacher

You could also make a userscript/tamper monkey script that will make this process faster (for prototyping)

Brilliant as usual .Thanks!

You are a Genius!

Hey man I just wanted to find out if you do any real world vulnerability research, and how much CTFs help with that, e.g finding sandbox escape bugs in chrome or linux kernel vulnerabilities? thanks for your videos.

I love your stories! :-D

Fantastic video! Thank you for posting it.

first thing the popunder library need to do is disble the demo page which help liveoverflow to know how it works and report it as a bug to chromium bugs

Yay fixed in version 69 :) EDIT: the pop under is appeared in another tab and returned me to my original page

thank you very much, you deserved a like

This is the reason Javascript needs permissions. Oh, you want to window.open()? nope, it's denied. Adblocker and NoScript only take you so far.

Wait is that why a lot of websites ask for notifications?

This reminds me of Death Note and other animes about hackers. This is the most epic battle lol

You should consider throwing the code into a deobfuscator first. It'd make debugging easier!

The founder pop under be like: Ah $hit here we go again

He's gonna piss of the advertising mafia they were totally saving a second exploit which they deployed.

my brain is about to explode

Alternative title: When "Fast" is Too Fast.

great stuff!

performance tab.damn. got u!

Isn't this really problematic .... My js isn't shabby and i can think of some very bad consequences of this.... If you can write that event listener to the second tab via that window object what stops you from taking anything from the current scope and sharing it via the second page?

Can I download a chrome extension you did?

Pop under is real scummy. Thanks for helping deal with that!

What happens then when you hold down mousebutton?

This is fucking genius.

9:22 hah toż to papieżowa liczba

If something like this exists as a job, what is it?

Are they giving you bug bounties on these?

Aren't they still collecting meta data from you , even if your leaving in the back ground?

Why do they use popunders?

It doesn't work anymore

Why is a script allowed to call document.write on another tab it just opened? Doesn't this make it possible to open any website and write a script to it to steal cookies like in XSS?

god this is amazing.

The L and the Kira DeathNotebook: Ads

I use I3, good luck popping under there

LifeOverflow - Reverse Engineering Popunders for Chrome to solve

There are obfusctators that rename everything to a combination if l and I so your lucky that this is not like that :)

Are You working in a VM or do you Forget to install a Video driver? 😁😥

Not working on Stable Chrome Mac :( didn't checked my chrome version. time to sleep.. good night.. Nice video ;) keep going.

0:46 "How?" Because Windows is crap in Security?

Perhaps you should start asking for money not to release videos... Let's say 100k for a week delay?! :D

I was new to push notifications couple of months ago... been doing research of best ad networks for push notifications. Tested couple of networks - eventually came across MonadPlug Push Monetization. I can saythat I regret not finding MonadPlug earlier, definitely check it out!

This is the definition of white hat

cmon hes just trying to make a living

Clever girl...

oida du bist ein Gott

Hey lieber LiveOverflow, ähnlich wie du hab ich mich immer für Reverse Engineering interessiert, konkreter: Malware Analysis Kannste mal sowas machen? Gruss

MonadPlug is an amazing ad-network for push monetization, just thought I should share it since my revenue increased by 20% after switching from another network.

..

it is a beautiful abuse of mechanisms

:)) clever

gi

Nice

Dude you never get to the point plus you have endless tangents. I can't take anymore

That's one of the reasons I use terminal based browsers for most of my browsing.